-rw-r--r--krebs/3modules/makefu/default.nix16
-rw-r--r--lass/2configs/buildbot-standalone.nix2
-rw-r--r--makefu/1systems/wbob.nix2
-rw-r--r--makefu/1systems/x.nix (renamed from makefu/1systems/pornocauster.nix)16
-rw-r--r--makefu/2configs/tinc/siem.nix12
5 files changed, 27 insertions, 21 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index a878f50e..dffb6b0a 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -126,15 +126,15 @@ with config.krebs.lib;
};
};
};
- pornocauster = {
+ x = {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.0.91";
ip6.addr = "42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db";
aliases = [
- "pornocauster.retiolum"
- "pornocauster.r"
+ "x.retiolum"
+ "x.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -167,7 +167,7 @@ with config.krebs.lib;
};
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster";
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x";
};
@@ -441,8 +441,9 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
shoney = rec {
cores = 1;
- nets = {
+ nets = rec {
siem = {
+ via = internet;
ip4.addr = "10.8.10.1";
ip4.prefix = "10.8.10.0/24";
aliases = [
@@ -459,6 +460,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
L+xhIsiMXQIo2hv8aOUnf/7Ac9DXNR83GwIDAQAB
-----END RSA PUBLIC KEY-----
'';
+ tinc.port = 1655;
};
internet = {
ip4.addr = "64.137.234.215";
@@ -790,8 +792,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
users = rec {
makefu = {
- mail = "makefu@pornocauster.retiolum";
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster";
+ mail = "makefu@x.retiolum";
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x";
pgp.pubkeys.default = builtins.readFile ./default.pgp;
pgp.pubkeys.brain = builtins.readFile ./brain.pgp;
};
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 7c7693ab..766fd715 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -95,7 +95,7 @@ in {
method=build \
system={}".format(i)])
- for i in [ "pornocauster", "wry", "vbob", "wbob", "shoney" ]:
+ for i in [ "x", "wry", "vbob", "wbob", "shoney" ]:
addShell(f,name="build-{}".format(i),env=env_makefu,
command=nixshell + \
["make \
diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix
index e8e0b091..ff593ab3 100644
--- a/makefu/1systems/wbob.nix
+++ b/makefu/1systems/wbob.nix
@@ -66,7 +66,7 @@ in {
client = {
enable = true;
screenName = "wbob";
- serverAddress = "pornocauster.r";
+ serverAddress = "x.r";
};
};
}
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/x.nix
index b683e563..d41edfa4 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/x.nix
@@ -43,16 +43,8 @@
../2configs/temp/share-samba.nix
# ../2configs/temp/elkstack.nix
# ../2configs/temp/sabnzbd.nix
+ ../2configs/tinc/siem.nix
];
-
- services.tinc.networks.siem = {
- name = "makefu";
- extraConfig = ''
- ConnectTo = sdarth
- ConnectTo = sjump
- '';
- };
-
krebs.nginx = {
default404 = false;
servers.default.listen = [ "80 default_server" ];
@@ -65,10 +57,10 @@
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
- networking.firewall.allowedTCPPorts = [ 80 24800 ];
- networking.firewall.allowedUDPPorts = [ 665 ];
+ networking.firewall.allowedTCPPorts = [ 80 24800 26061 ];
+ networking.firewall.allowedUDPPorts = [ 665 26061 ];
- krebs.build.host = config.krebs.hosts.pornocauster;
+ krebs.build.host = config.krebs.hosts.x;
krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11";
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
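Review bot: Port 26061 is newly allowed for both TCP and UDP in `networking.firewall.allowedTCPPorts` / `allowedUDPPorts`, but nothing in the visible hunks listens on it and no comment says which service needs it. The rule applies to every interface, so an undocumented opening like this tends to outlive its purpose. Add a line such as `# 26061/tcp+udp: <service name>` above the two lists, or drop the port if it was only needed for a test. The `# configure pulseAudio ...` comment directly above does not describe these firewall lines and could be moved or removed. The surrounding attribute set starts and ends outside this hunk.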
diff --git a/makefu/2configs/tinc/siem.nix b/makefu/2configs/tinc/siem.nix
new file mode 100644
index 00000000..fae72590
--- /dev/null
+++ b/makefu/2configs/tinc/siem.nix
@@ -0,0 +1,12 @@
+{lib, config, ... }:
+{
+ # TODO do not know why we need to force it, port is only set via default to 655
+ krebs.build.host.nets.siem.tinc.port = lib.mkForce 1655;
+
+ networking.firewall.allowedUDPPorts = [ 1665 ];
+ networking.firewall.allowedTCPPorts = [ 1655 ];
+ krebs.tinc.siem = {
+ enable = true;
+ connectTo = [ "shoney" ];
+ };
+}
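Review bot: The UDP rule opens 1665, while the tinc port forced two lines earlier and the TCP rule both use 1655, so this looks like a transposed digit. tinc uses the same port number for TCP and UDP, so as written UDP traffic to 1655 is dropped and an unrelated UDP port is left open. Use `networking.firewall.allowedUDPPorts = [ 1655 ];`, or derive both rules from `config.krebs.build.host.nets.siem.tinc.port` so they cannot drift from the configured port. The `lib.mkForce` with its TODO probably hides a conflicting definition elsewhere; it would be worth finding that before relying on the override.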